Enhancing security incident response follow-up efforts with lightweight agile retrospectives

Security incidents detected by organizations are escalating in both scale and complexity. As a result, security incident response has become a critical mechanism for organizations in an effort to minimize the damage from security incidents. The final phase within many security incident response approaches is the feedback/follow-up phase. It is within this phase that an organization is expected to use information collected during an investigation in order to learn from an incident, improve its security incident response process and positively impact the wider security environment. However, recent research and security incident reports argue that organizations find it difficult to learn from incidents. A contributing factor to this learning deficiency is that industry focused security incident response approaches, typically, provide very little practical information about tools or techniques that can be used to extract lessons learned from an investigation. As a result, organizations focus on improving technical security controls and not examining or reassessing the effectiveness or efficiency of internal policies and procedures. An additional hindrance, to encouraging improvement assessments, is the absence of tools and/or techniques that organizations can implement to evaluate the impact of implemented enhancements in the wider organization. Hence, this research investigates the integration of lightweight agile retrospectives and meta-retrospectives, in a security incident response process, to enhance feedback and/or follow-up efforts. The research contribution of this paper is twofold. First, it presents an approach based on lightweight retrospectives as a means of enhancing security incident response follow-up efforts. Second, it presents an empirical evaluation of this lightweight approach in a Fortune 500 Financial organization's security incident response team

Learning in the Large - An Exploratory Study of Retrospectives in Large-Scale Agile Development

Many see retrospectives as the most important practice of agile software development. Previous studies of retrospectives have focused on pro- cess and outcome at team level. In this article, we study how a large-scale agile development project uses retrospectives through an analysis of retrospective reports identifying a total of 109 issues and 36 action items as a part of a longitudinal case study. We find that most of the issues identified relate to team-level learning and improvement, and discuss these findings in relation to current advice to improve learning outcome in large-scale agile development.Learning in the Large - An Exploratory Study of Retrospectives in Large-Scale Agile DevelopmentpublishedVersio

Non-Technical Individual Skills are Weakly Connected to the Maturity of Agile Practices

Context: Existing knowledge in agile software development suggests that individual competency (e.g. skills) is a critical success factor for agile projects. While assuming that technical skills are important for every kind of software development project, many researchers suggest that non-technical individual skills are especially important in agile software development. Objective: In this paper, we investigate whether non-technical individual skills can predict the use of agile practices. Method: Through creating a set of multiple linear regression models using a total of 113 participants from agile teams in six software development organizations from The Netherlands and Brazil, we analyzed the predictive power of non-technical individual skills in relation to agile practices. Results: The results show that there is surprisingly low power in using non-technical individual skills to predict (i.e. explain variance in) the mature use of agile practices in software development. Conclusions: Therefore, we conclude that looking at non-technical individual skills is not the optimal level of analysis when trying to understand, and explain, the mature use of agile practices in the software development context. We argue that it is more important to focus on the non-technical skills as a team-level capacity instead of assuring that all individuals possess such skills when understanding the use of the agile practices.Comment: 18 pages, 1 figur

The positive impact of agile retrospectives on the collaboration of distributed development teams – A practical approach on the example of Bosch engineering GmbH

To counteract competitive pressure, increasing customer requirements and growing product complexity successful distributed collaboration in product development is vital. Companies have to face new challenges, such as efficiency losses in communication. To overcome these challenges agile working practices, such as agile retrospectives, could be beneficial. The objective of this scientific work is to evaluate the benefit of agile working practices on the example of agile retrospectives, for the improvement of collaboration in distributed development teams. Based on literature analysis, qualitative and quantitative expert interviews following the DRM by Blessing and Chakrabarti, this scientific work shows that agile working practices have a high potential to improve distributed collaboration. To address this potential, several virtual agile retrospectives are developed and conducted within a distributed team at Bosch Engineering GmbH. The evaluation of this approach results in a high potential of agile retrospectives indicating an improvement tendency. Especially iteratively implemented virtual agile retrospectives have a positive impact on successful distributed collaboration

SCRUM RETROSPECTIVES: MEASURING AND IMPROVING EFFECTIVENESS

Within Scrum, the retrospective is the principal means through which a team focuses on continuous process improvement. As such, retrospectives provide Scrum teams a method which will allow them to identify and resolve issues that impact team performance. However, it is hard to measure increased performance based on process improvements resulting from retrospectives. Through a series of semi-structured interviews with team members, Scrum Masters, Product Owners, and organizational leadership, the research will identify quantitative measures which can be used to evaluate the effectiveness of retrospectives. Subsequently, a new game-based retrospective will be developed incorporating game elements to help improve the effectiveness of retrospectives. Finally, an empirical experiment will be conducted to evaluate the quantitative measures as well as the effectiveness of the game-based retrospective

Unlocking the Secrets of Ancient Writing. The Parallel Lives of Michael Ventris and Linda Schele and the Decipherment of Mycenaean and Mayan Writing

Catalogue of an exhibition conducted in conjunction with the Eleventh International Mycenological Colloquium held at the University of Texas at Austin in 2000. This program features brief histories of the CIPEM Mycenological conferences and PASP, followed by comparative retrospectives on both Michael Ventris, who deciphered Linear B, and Linda Schele, who performed a similar feat for Mayan glyphs.Classic